Commit

add docs for using own cert for existing installs
wh1te909 committed Sep 17, 2024
1 parent 41097d0 commit 30cc1b4
Showing 1 changed file with 20 additions and 1 deletion.
21 changes: 20 additions & 1 deletion docs/functions/settings_override.md
Expand Up @@ -20,10 +20,29 @@ Change `(days=30)` to whatever you prefer. Then run `sudo systemctl restart rmm.

### Using your own wildcard SSL cert

This is only supported during initial install, not after you've already installed.
#### Before Install

Follow the instructions in the [install guide](../install_server.md#step-5-run-the-install-script) for the `--use-own-cert` install flag.

#### Existing Install

1. Append the following two variables to `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py`, replacing the paths with the actual locations of your certificate and private key. The certificate must include the full chain:
```python
CERT_FILE = "/path/to/your/fullchain.pem"
KEY_FILE = "/path/to/your/privkey.pem"
```

2. Ensure that both files are readable by the `tactical` Linux user:
```bash
sudo chown tactical:tactical /path/to/your/fullchain.pem /path/to/your/privkey.pem
sudo chmod 440 /path/to/your/fullchain.pem /path/to/your/privkey.pem
```

3. Update all instances of `ssl_certificate` and `ssl_certificate_key` in the three Nginx configuration files located in `/etc/nginx/sites-available` to point to your certificate and private key paths.

4. Restart the services: `sudo systemctl restart nginx meshcentral rmm daphne`


### Use NATS Standard instead of NATS websocket

Prior to TRMM v0.14.0 (released 7/7/2022), agents NATS traffic connected to the TRMM server on public port 4222.
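
Review bot: Step 2 under "Existing Install" sets owner and mode on the two files only, so a certificate or key stored under a directory the `tactical` user cannot traverse stays unreadable to it, and nothing before the restart in step 4 would reveal that. Consider adding a check after the `chmod`, for example `sudo -u tactical test -r /path/to/your/privkey.pem`, and a `sudo nginx -t` between steps 3 and 4 so a mistyped `ssl_certificate` or `ssl_certificate_key` path is caught before nginx is restarted. Step 3 would also be easier to follow if it named the three files in `/etc/nginx/sites-available` instead of referring to them by count. The section does not say what to do when the certificate is renewed; a sentence stating whether steps 2 and 4 need repeating would close that gap.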